MIRACL Trust provides a JavaScript library that lets you implement custom verification flows that best suit your use case - MIRACL Trust Client JS Library .
As a preliminary step, you need to configure the verification .
To register the device, your web application must consume the Verification URL obtained by the verification request. This URL can then be directly returned to the application where the verification process is completed.
When the end user’s User ID is verified, you must request the Verification URL to be sent from the platform. The Verification URL is generated by making an authenticated POST request to <https://<PROJECT_DOMAIN>/verification>.
curl \
--request POST \
--user "${CLIENT_ID}:${CLIENT_SECRET}" \
--data '{
"projectId": "'"${PROJECT_ID}"'",
"userId": "'"${USER_ID}"'",
"deviceName": "'"${DEVICE_NAME}"'",
"expiration": "'"${EXPIRATION}"'",
"delivery": "no"
}' \
https://${PROJECT_DOMAIN}/verification
With the following response:
{
"verificationURL": "https://<PROJECT_DOMAIN>/verification/confirmation?user_id=<USER_ID>&code=<CODE>"
}
All values are redacted.
See MIRACL Trust Backend API for more details.
The end user must follow the URL from the response to enrol a new device.
Another option is to send the URL to the end user via any appropriate secure channel (email, SMS, etc.).
Use the received Verification URL and the getActivationToken
method of the
library
to get an activation token and register the browser:
mcl.getActivationToken(
"https://yourdomain.com/verification/confirmation?user_id=alice@miracl.com&code=theVerificationCode",
function callback(err, result) {
if (err) {
// Handle any potential errors
}
console.log(result.actToken);
},
);
To finish the
registration
,
call the register
method using the received activation token (actToken
):
mcl.register(
userId,
actToken,
function (passPin) {
// Here you need to prompt the user for their PIN
// and then call the passPin argument with the value
passPin(pin);
},
function callback(err) {
if (err) {
// Handle any potential errors
}
},
);
If the registration is successful, the enrolment process is completed. End users can now authenticate using the PIN chosen for the device. They can go through the verification process for each device they want to use for authentication or use QuickCode , if enabled, to enrol additional devices using the already enrolled one.
sequenceDiagram
actor User Agent
participant RPA as Relying Party Application
participant MIRACL Trust
RPA->>MIRACL Trust: POST /verification
MIRACL Trust-->>RPA: Verification URL
RPA-->>User Agent: Pass Verification URL
User Agent->>MIRACL Trust: getActivationToken
MIRACL Trust-->>User Agent: Activation Token
User Agent->>MIRACL Trust: register(userId, actToken)
MIRACL Trust-->>User Agent: Registration data
User Agent->>User Agent: Prompt for PIN
End user enters PIN
User Agent-->>User Agent: Registration completes
Relying Party Application is your application’s back end.